Unauthorised access to corporate networks through stolen user names and passwords topped 45 per cent in 2010, according to the Verizon 2011 Data Breach Investigations Report, making credentials the second most compromised data type. To help address this growing security threat, Verizon is enhancing its cloud-based Enterprise Identity Services to give businesses more ways to authenticate users to corporate networks while offering strong security protection.
Verizon’s next generation of Enterprise Identity Services will now support popular devices such as smartphones and tablets – including those running on the iOS operating system as well as Android and BlackBerry devices. This process will enable users to more easily gain access to corporate networks using a two-factor authentication – a process where a dynamic code is issued to the end user that is used along with a personal identification number (PIN). In addition, Verizon’s identity services will now enable digital signing capabilities for contracts, wills and other legally binding documents.
Using readily available mobile devices for two-factor authentication significantly strengthens the security behind each user by incorporating additional intelligence such as phone number and location to validate a user’s identity. It also eases the implementation burden for consumers and enterprises, while offering multiple ways for users to authenticate to a network in the event their “token” is lost or stolen.
Traditionally, enterprises have used a specially issued single token or key fob to gain network access, a process that requires extensive behind-the-scenes management and deployment of tokens for sometimes tens of thousands of workers, leading to a time-consuming and resource-intensive process. It also generally does not include a built-in back-up plan for lost or stolen tokens.
“With the release of our newest version of Enterprise Identity Services, we are changing the game for two-factor authentication,” said Peter Tippett, Verizon vice president of industry solutions and security practices. “Our expectation is that by strengthening authentication methods, we can significantly reduce enterprise security risk and improve the security of sensitive information while easing the burden on corporate IT departments.”
The new version of Enterprise Identity Services also brings digital signing capabilities to its users. Digital signatures are used in numerous industries, most commonly in the medical and legal fields. For instance, with this service, physicians can electronically prescribe controlled substances in accordance with Drug Enforcement Administration requirements. Other enterprise uses of digital signing include signing essential corporate documents, such as W-9 forms.
In conjunction with the new digital signing capabilities, Verizon Enterprise Identity Services also offers enterprise customers a mobile application known as ID Message Center, which allows users to monitor and track their digital signature activity.
Verizon’s enhanced identity platform adheres to the OATH (Initiative for Open Authentication) standards, which calls for an open standards-based system that, like existing proprietary systems, requires users to provide two proofs of identity. By using an open standards-based system, enterprises can use a range of ID token devices without changing existing back-end security systems.
Delivered via the cloud, Verizon Enterprise Identity Services are aimed at helping reduce the costs and complexity traditionally associated with identity rollouts. With this solution, users do not need to purchase additional hardware or software, and if users lose a device, they can easily add a secondary device to retrieve their dynamic code for authentication.